From 69e511c4c2a0409fa69658cf95bf5c4072b2b2d0 Mon Sep 17 00:00:00 2001
From: Alexis Reigel <mail@koffeinfrei.org>
Date: Wed, 14 Jun 2017 11:51:34 +0200
Subject: cache the gpg commit signature

we store the result of the gpg commit verification in the db because the
gpg verification is an expensive operation.
---
 app/models/commit.rb | 25 +++++--------------------
 1 file changed, 5 insertions(+), 20 deletions(-)

(limited to 'app/models/commit.rb')

diff --git a/app/models/commit.rb b/app/models/commit.rb
index a6a11a2d3a5..6c5556902ec 100644
--- a/app/models/commit.rb
+++ b/app/models/commit.rb
@@ -239,29 +239,14 @@ class Commit
 
     @signature = nil
 
-    signature, signed_text = @raw.signature(project.repository)
+    cached_signature = GpgSignature.find_by(commit_sha: sha)
+    return cached_signature if cached_signature.present?
 
-    return unless signature && signed_text
+    gpg_commit = Gitlab::Gpg::Commit.new(self)
 
-    Gitlab::Gpg.using_tmp_keychain do
-      # first we need to get the keyid from the signature...
-      GPGME::Crypto.new.verify(signature, signed_text: signed_text) do |verified_signature|
-        @signature = verified_signature
-      end
-
-      # ... then we query the gpg key belonging to the keyid.
-      gpg_key = GpgKey.find_by(primary_keyid: @signature.fingerprint)
-
-      return @signature unless gpg_key
-
-      Gitlab::Gpg::CurrentKeyChain.add(gpg_key.key)
-
-      GPGME::Crypto.new.verify(signature, signed_text: signed_text) do |verified_signature|
-        @signature = verified_signature
-      end
-    end
+    return unless gpg_commit.has_signature?
 
-    @signature
+    @signature = gpg_commit.signature
   end
 
   def revert_branch_name
-- 
cgit v1.2.1